development & informednetworker.com & security dmackey on 12 Dec 2007 06:29 am
What’s New - December 12th, 2007.
Today was a very un-fun day in the history of Informed Networker. As some of you are probably aware, this site is built on top of the open source content management system (CMS) Pligg. Today a hacker began a massive attack on large numbers of Pligg-based sites. He was able to break through the CAPTCHA (Completely Automated Turing Test to Tell Computers and Humans Apart) mechanism utilized by Pligg to prevent spammers from automating user creation, and began posting massive amounts of spam comments to the sites, including Informed Networker.
Tonight I cleaned out around 2,000 fake users and hundreds of fake, spammy comments. Additionally, I implemented an Akismet mod that is handling spam comments fantastically (as I knew it would), as well as a new module from Pligg developer AshDigg that implements a multi-engine CAPTCHA model, allowing one to choose from varying CAPTCHA versions. As a result, we are now running reCAPTCHA, a product from Carnegie Mellon, to perform CAPTCHA and hopefully prevent this sort of spammer attack from occurring in the future.
All that to say - it was a lot of work, but things should be running smoothly at this point, and we apologize to anyone who experienced any difficulties with the site, including latency issues resulting from the hacker’s attacks.